Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/jLBduNxxNKgDba3-1WYMWVteGi0.roa
File:                     jLBduNxxNKgDba3-1WYMWVteGi0.roa (raw, json)
Hash identifier:          KUpNfjWxt4P+0oOd2LgpPhKotB+fQLPJrlsXaH2uueQ=
Subject key identifier:   8C:B0:5D:B8:DC:71:34:A8:03:6D:AD:FE:D5:66:0C:59:5B:5E:1A:2D
Certificate issuer:       /CN=1e95a069669ed5a766eee8ebdc32e39fb148410b
Certificate serial:       019425FDCCD8EEEC2796176A8BA9FF07FFD9
Authority key identifier: 1E:95:A0:69:66:9E:D5:A7:66:EE:E8:EB:DC:32:E3:9F:B1:48:41:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HpWgaWae1adm7ujr3DLjn7FIQQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/jLBduNxxNKgDba3-1WYMWVteGi0.roa
Signing time:             Thu 02 Jan 2025 07:49:37 +0000
ROA not before:           Thu 02 Jan 2025 07:49:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39728
IP address blocks:        91.217.4.0/23 maxlen: 23
                          91.217.4.0/24 maxlen: 24
                          91.217.5.0/24 maxlen: 24
                          176.113.224.0/19 maxlen: 19
                          178.214.160.0/19 maxlen: 19
                          178.216.232.0/21 maxlen: 21
                          185.149.196.0/22 maxlen: 22
                          185.149.198.0/24 maxlen: 24
                          185.149.199.0/24 maxlen: 24
                          185.178.245.0/24 maxlen: 24
                          194.31.152.0/22 maxlen: 22
                          2a07:6900::/48 maxlen: 48
                          2a07:6900:1::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:cc:d8:ee:ec:27:96:17:6a:8b:a9:ff:07:ff:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e95a069669ed5a766eee8ebdc32e39fb148410b
        Validity
            Not Before: Jan  2 07:49:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8cb05db8dc7134a8036dadfed5660c595b5e1a2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:77:f6:08:cd:51:16:52:e8:81:84:b2:bf:6b:
                    57:de:96:a8:8d:be:3e:d9:e6:fa:fc:49:db:73:cd:
                    aa:c4:8c:bb:53:ea:c7:6e:50:37:70:a4:cc:c2:dc:
                    30:a5:c9:15:bb:34:98:f0:dd:ea:e9:57:9e:95:fb:
                    c1:0e:b7:93:7a:7d:4e:2f:34:19:23:56:ff:be:ec:
                    8b:3f:29:8f:b2:46:e0:a4:9e:ec:70:b0:36:09:05:
                    c0:f9:20:61:94:85:b2:ba:0c:67:57:79:47:27:21:
                    13:a5:d8:ac:c5:b8:03:42:90:da:cf:78:ed:fc:ac:
                    4b:fb:38:b3:e8:1c:dd:49:ce:8c:c8:51:47:4a:a5:
                    e9:46:45:45:2f:4c:ae:04:3d:94:2e:de:66:cb:7f:
                    c4:9a:06:ce:9c:8b:41:2d:86:5e:df:b2:8f:91:3e:
                    c8:5b:4e:29:fc:86:5e:c6:b9:24:44:48:a0:24:ef:
                    2c:8c:ee:d7:c6:7d:3d:16:73:98:2d:92:b3:5e:f0:
                    34:6d:93:04:34:16:00:b4:e8:cd:3b:aa:da:73:76:
                    b7:df:5d:25:51:61:80:ab:3e:5d:71:fc:a1:3d:09:
                    d6:a2:4d:84:b2:ca:92:49:b4:c6:24:81:25:d0:7e:
                    6d:b8:de:86:c2:f8:d5:6a:50:dc:96:39:8e:6d:25:
                    34:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:B0:5D:B8:DC:71:34:A8:03:6D:AD:FE:D5:66:0C:59:5B:5E:1A:2D
            X509v3 Authority Key Identifier:
                keyid:1E:95:A0:69:66:9E:D5:A7:66:EE:E8:EB:DC:32:E3:9F:B1:48:41:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HpWgaWae1adm7ujr3DLjn7FIQQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/jLBduNxxNKgDba3-1WYMWVteGi0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/HpWgaWae1adm7ujr3DLjn7FIQQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.4.0/23
                  176.113.224.0/19
                  178.214.160.0/19
                  178.216.232.0/21
                  185.149.196.0/22
                  185.178.245.0/24
                  194.31.152.0/22
                IPv6:
                  2a07:6900::/47

    Signature Algorithm: sha256WithRSAEncryption
         1d:b9:05:ea:b0:69:48:c6:0e:22:73:a6:75:18:2a:34:4d:8e:
         07:9f:fd:bb:c2:b1:7f:12:2b:3e:e2:bf:3f:eb:e0:39:77:57:
         30:54:fe:41:e5:02:70:bd:31:06:00:a8:f9:3f:83:bd:3e:38:
         b7:fb:e8:da:07:6b:02:cb:b0:a3:79:6a:2b:78:f7:06:15:f3:
         71:b6:c9:df:d4:b9:85:2d:51:2c:c9:d4:c1:d5:f4:63:28:82:
         da:40:31:cb:be:fc:0c:8a:b7:8c:2e:f5:a6:93:06:f5:8c:84:
         ff:d1:5e:ee:ff:c3:45:b2:f1:c8:b1:a1:da:4d:01:9c:7e:73:
         90:1e:c7:6e:c9:2d:0e:69:b9:d5:fb:58:1d:d8:c7:c6:d0:b8:
         03:80:f3:ad:bc:25:b5:d5:50:35:64:a0:a6:5f:95:ed:74:8f:
         68:55:97:7b:7a:3e:d3:26:2a:91:e5:05:e6:76:10:66:e0:5f:
         5e:b8:f3:d5:f5:04:44:89:dc:d2:d0:3f:5c:d6:ff:74:a6:38:
         3d:11:ad:60:26:21:fa:3c:17:0c:e3:2a:69:2b:87:80:92:a3:
         87:e0:1d:2f:93:5f:6c:7b:bd:39:b7:46:c3:84:a1:66:c0:47:
         92:ee:0f:6b:39:7a:f3:98:40:67:98:1d:d8:5f:bd:a6:cc:05:
         0f:4f:fc:59
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAZQl/czY7uwnlhdqi6n/B//ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOTVhMDY5NjY5ZWQ1YTc2NmVlZThlYmRjMzJlMzlmYjE0
ODQxMGIwHhcNMjUwMTAyMDc0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2IwNWRiOGRjNzEzNGE4MDM2ZGFkZmVkNTY2MGM1OTViNWUxYTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy3f2CM1RFlLogYSyv2tX3paojb4+
2eb6/Enbc82qxIy7U+rHblA3cKTMwtwwpckVuzSY8N3q6VeelfvBDreTen1OLzQZ
I1b/vuyLPymPskbgpJ7scLA2CQXA+SBhlIWyugxnV3lHJyETpdisxbgDQpDaz3jt
/KxL+ziz6BzdSc6MyFFHSqXpRkVFL0yuBD2ULt5my3/EmgbOnItBLYZe37KPkT7I
W04p/IZexrkkREigJO8sjO7Xxn09FnOYLZKzXvA0bZMENBYAtOjNO6rac3a3310l
UWGAqz5dcfyhPQnWok2EssqSSbTGJIEl0H5tuN6GwvjValDcljmObSU0YQIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFIywXbjccTSoA22t/tVmDFlbXhotMB8GA1UdIwQY
MBaAFB6VoGlmntWnZu7o69wy45+xSEELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBXZ2FXYWUxYWRtN3VqcjNETGpuN0ZJUVFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8xMDc0NTYtZGY1My00MjRkLTkzMjAt
OTMzYmZhNTkyYjFkLzEvakxCZHVOeHhOS2dEYmEzLTFXWU1XVnRlR2kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8xMDc0NTYtZGY1My00MjRkLTkzMjAtOTMzYmZhNTkyYjFk
LzEvSHBXZ2FXYWUxYWRtN3VqcjNETGpuN0ZJUVFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAwBAIAATAqAwQBW9kEAwQF
sHHgAwQFstagAwQDstjoAwQCuZXEAwQAubL1AwQCwh+YMA8EAgACMAkDBwEqB2kA
AAAwDQYJKoZIhvcNAQELBQADggEBAB25BeqwaUjGDiJzpnUYKjRNjgef/bvCsX8S
Kz7ivz/r4Dl3VzBU/kHlAnC9MQYAqPk/g70+OLf76NoHawLLsKN5ait49wYV83G2
yd/UuYUtUSzJ1MHV9GMogtpAMcu+/AyKt4wu9aaTBvWMhP/RXu7/w0Wy8cixodpN
AZx+c5Aex27JLQ5pudX7WB3Yx8bQuAOA8628JbXVUDVkoKZfle10j2hVl3t6PtMm
KpHlBeZ2EGbgX16489X1BESJ3NLQP1zW/3SmOD0RrWAmIfo8FwzjKmkrh4CSo4fg
HS+TX2x7vTm3RsOEoWbAR5LuD2s5evOYQGeYHdhfvabMBQ9P/Fk=
-----END CERTIFICATE-----